02/04/2004 16:00 FAX AKIN GUMP 

Application No. 09/820,05^ 
Reply to Office Action of June 24, 2003 

REMARKS 

Claims 1-30 are pending and are unamended Withdrawal of all objections and rejections 
arc respectfully requested for at least the reasons set forth below. 

Grounds of Rejections 

Numerous errors appear to have been made in the grounds of rejection. A telephone call 
was made to the Examiner on July 8, 2003 to attempt to clarify the grounds of rejection, but the 
Examiner refused to review the application for clarification of any of the grounds. Applicants 
have presumed that the rejections should have read as follows: 

1. The 35 USC § 112, first paragraph, rejection was presumed to also include cl:iim 1 
since the limitation raised by the Examiner appears in claim L 

2. The 35 USC § 103 rejection of claims 2 and 17 was presumed to be in view of 
Montulli, Wagner andDutta, taken in combination. 

3. The 35 USC § 103 rejection of claims 15 and 30 was presumed to be in view of 
Touboul, Montulli and Wagner, taken in combination. 

Prior Art Rejections 

1. Claims 1 and 16 are Patentable over Montulli C242) 

Claim 1 is directed to a method of screening cookies in a client machine. A servu- 
receives a request from a subscriber to send a list of cookie file sources to the client mac hine. 
The list is downloaded from the server to the client machine. The downloaded list is then used to 
detect cookie files received at the client machine from sources on the downloaded list. 

In one embodiment of the claim 1 invention, the list may include web sites (cookie file 
sources) which are known to send cookies that when stored on a user's computer compromise a 
computer user's privacy. For example, some web sites send out cookies that track a user's web 
site navigation and report the results back to a designated web site, all without knowledge to the 
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user. See, for example, the discussion of how Doubleclick cookies are used on page 13 of 
Appendix A 1 . 

It is virtually impossible for an individual computer user to keep track of all of tlie web 
sites that send out undesirable cookies. The method in claim 1 allows a monitoring entity (e.g., 
a service provider) to keep track of such web sites and send a list of such web sites to a client 
machine upon request. During subsequent navigation by a user at the client machine, the list can 
be used to detect cookie files when a web site on the list is encountered by the client machine. 
Upon detection, the cookies files can be removed from the client machine and/or prevented from 
being stored, as recited in dependent claims 5 and 6. (Independent claim 1 is more broadly 
directed to using the list to detect cookie files.) 

Montulli (*242), hereafter, "Montulli, is a well-known patent that is touted as describing 
the original concept of a cookie. See page 11 of Appendix A, especially footnote 20. (IF.S. 
Patent No. 5,774,670 is the parent patent of Montulli '242.) The portions of Montulli referenced 
by the Examiner in the outstanding Office Action merely describe the purpose of a cookie, how 
cookies are sent, and what they do on a client machine. Montulli thus describes sending and 
|/f using cookie files. Nowhere does Montulli describe creating lists of cookie file sources (claim 1 
\| step (a)), downloading cookie file lists (claim 1, step (b)), or using a downloaded list to detect 

i cookie files (claim 1, step (c)). Claim 1 is directed to a specific process to assist a user in 
] screening cookies files, not to the very concept of a cookie itself as described in Montulli. 

To anticipate a method claim, a reference must disclose each and every step in the claim- 
Here, Montulli fails to disclose any of the steps in claim L In sum, Montulli has nothing 
whatsoever to do with the claimed invention and thus the rejection of claim 1 over Monmlli 
should be withdrawn. 

Claim 16 is similar to claim 1 and is thus patentable over Montulli for the same reasons 
as discussed above with respect to claim 1. 



1 Shah,R.C. et al. '^Governance Characteristics of "Code": The Role of Transparency, Defaults and 
Standards," 2002 Telecommunications Policy Research Conference, September 28-30, 2002. Alexandria Virginia, 
article posted on web site: I^://inteLsi.uirieh.edu/tprc/pa^ 

printout dat : October 23, 2003. 30 pag s (Appendix A includes pages 1 and 10-14 nly). 
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2. Patentability of Claims 7 and 22 over Dutta 

Claim 7 is directed to a method of creating a composite list of cookie file sources in a 
client machine. A first exception list is created that includes the identity of sources that are 
permitted to store cookie files in the client machine. A second exception list is created that 
includes the identity of sources that are not permitted to store cookie files in the client machine. 
A client machine receives a master list of cookie file sources from a service provider. The master 
list is then modified in accordance with the first and second exception lists. The compo rite list is 
the modified master list. 

Claim 7 is also related to the list of claim 1, except that it allows a user to modif y the list 
(referred to as a '^master list"). In one embodiment of claim 7, a user can customize a default, 
master list with trusted and untmsted web sites identified by the user. 

Dutta discloses an "unmodifiable cookie/* One purpose of the unmodifiable cookie is to 
address a problem in the art described in paragraph [0007] as follows; 

[0007] Web merchants commonly use cookies to track subscriptions they 
provide for Web content such as newsletters, magazines, etc. To entice 
potential permanent subscribers, the Web merchant often provides a free 
trial subscription to a user. The trial subscription is tracked using a cookie 
and once the free period expires, the merchant notifies the user in hopes 
that the user will purchase a subscription. This marketing model is not 
without its problems for example, the user has the ability to change his 
identity and register a subsequent time for the same free subscription. 
This can be done by removing and/or modifying the cookie resident on his 
computer. The merchant then loses a potential subscriber. Therefore, an 
unmodifiabie cookie that resides on the client machine would help to 
alleviate this problem. 

As described in paragraphs [0032] and [0033], encryption and hash functions may be us^d to 

make an unmodifiable cookie and to ensure that the cookie has not been altered when it is 

received at a host site. Dutta also discloses a process for allowing a browser to be set to either 

accept or reject 66 unmodifiable cookies" in the same manner that a conventional browser can be 

set to accept or reject normal (modifiable) cookies. See paragraph [0034]. For example. Internet 

Explorer has various security and privacy settings that determine how incoming cookies are 

handled. Dutta contemplates adding additional settings to address the handling of unmodifiable 

cookies. 
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Nowhere does Dutta disclose or suggest tracking cookie file sources (e.g., web sites) that 
are or are not permitted to store unmodifiable cookies in a client machine (claim 7, steps (a) 
and (b)). At best, Dutta discloses examining an incoming cookie and storing or not storing the 
cookie or treating the cookie in a special manner on a client machine depending upon whether or 
not it is an unmodifiable cookie (steps 314-320 of Fig. 3 and paragraph [0034] of Dutta). Nor 
does Dutta disclose or suggest a client machine that receives a master list of cookie file sources 
from any location (claim 7, step (c)), or the ability to modify the master list based on exception 
lists (claim 7, step (d)). 

To anticipate a method claim, a reference must disclose each and every step in tl te claim. 
Here, Dutta fails to disclose any of the steps in claim 7. In sum, Dutta has nothing whatsoever to 
do with the claimed invention and thus the rejection of claim 7 over Dutta should be wiihdrawn. 

Claim 22 is similar to claim 7 and is thus patentable over Dutta for the same reasons as 
discussed above with respect to claim 7. 

3. Patentability of Claims 12 and 27 over Touboul 

Claim 12 is directed to a method of creating a composite list of cookie file sources in a 
client machine. A client machine receives a master list of cookie file sources from a service 
provider. Cookie file sources that correspond to one or more trusted cookie file sources listed in 
the client machine are deleted from the master list. Likewise, cookie file sources that correspond 
to one or more untrusted cookie file sources listed in the client machine are added to the master 
list. The composite list is the master list as modified by any additions and deletions of tmsted 
and untrusted cookie file sources. 

Touboul discloses a process for treating "Downloadables." A "downloadable" refers to a 
"downloadable application program.* 1 (column 1, lines 43-44). A downloadable is further 
described in column 1, lines 44-57 which reads as follows; 

A Downloadable is an executable application program , which is 
downloaded from a source computer and run on the destination computer. 
Downloadable is typically requested by an ongoing process such as by an 
Internet browser or web engine. Examples of Downloadables include 
Java™ applets designed for use in the Java™ distributing environment 
developed by Sun Microsystems, Inc., JavaScript scripts also developed 
by Sun Microsystems, Inc., ActiveX™ controls designed for use in the 
ActiveX™ distributing environment developed by the Micr soft 
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Corporation, and Visual Basic also developed by the Microsoft 
Corporation. Therefore, a system and method are needed to protect a 
network from hostile Downloadables. (underlining added for emphasis) 

Security policies can be set regarding downloadables. For example, the URL from 
which the Downloadable originated from can be compared against trusted and untnistett URLs, 
and the result of the comparison may be used to allow or block the Downloadable (column 2, 
lines 17-20; column 6, lines 38-48). 

Touboul has nothing whatsoever to do with cookie files or cookie file sources , 
Downloadables are executable application programs that are run on a client machine, whereas 
cookie files are merely data files which are not executed or nut Thus, Touboul does not disclose 
or suggest claim 12, steps (a)-(c), Even if it presumed that the manner in which Touboul handles 
downloadables can be applied to cookie files (a presumption that Applicants disagree with), 
Touboul still does not disclose or suggest the process m claim 12. 

Touboul describes nothing more than a locally generated static security policy fur 
downloadables, not a process for distributing a security policy for downloadables from ;l service 
provider to a client machine which can then be customized at the client machine. There is no 
concept of a "service provider" in Touboul that maintains a master list of downloadable s. The 
Examiner states that column 2, line 17 of Touboul discloses "receiving a cookie master list from 
[a] server." As discussed above, column 2 7 line 17 merely describes that a URL from which a 
Downloadable originated from can be compared against trusted and untrusted URLs, and the 
result of the comparison may be used to allow or block the Downloadable. Nowhere does this 
sentence disclose or suggest that a service provider maintain the list of trusted and untrusted 
URLs, or that the list is sent from a service provider to a client machine, as recited in cltriro 12, 
step (a). 

In contrast to Touboul, claim 12 provides a method wherein a master list of cookie file 
sources are sent from a service provider to a client machine. The client machine can then add or 
delete cookie file sources to and from the master list to create a composite list, In this n Lanner, 
each client machine can develop its own personalized list, starting with the original master list. 

The Examiner further concedes that Touboul lacks any disclosure of deleting or adding 
cookie file sources, as recited in claim 12, steps (b) and (c), but then asserts that these steps 
would have been obvious to an artisan "for the purpose of providing tests to determine whether 
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to allow or block a downloadable" as described in column 2, line 20 of Touboul, This leasoning 
is incorrect. The tests referred to in column 2, line 20 is merely a test of a URL that a user has 
navigated to (or wants to navigate to) against a preestablished list of trusted and untrusted URLs. 
No deleting from or adding to that list is required to perform the test described in Touboul, nor 
does Touboul suggest that the list may be or should be customized by a user. Li sum, the 
Examiner is improperly modifying Touboul by using improper hindsight reconstruction of 
Applicants* invention. 

To render a method claim as being obvious, a reference must disclose or suggest each and 
every step in the claim. Here, Touboul fails to disclose or suggest anj of the steps in cLdrn 12. 
In sum, Touboul has nothing whatsoever to do with the claimed invention and thus the i ejection 
of claim 12 over Touboul should be withdrawn. 

Claim 27 is similar to claim 12 and is thus patentable over Touboul for the same reasons 
as discussed above with respect to claim 12. 

4. Patentability of Dependent Claims 2-6. 8-11. 13-15. 17-21. 23-26 and 28-30 

The dependent claims are believed to be allowable because they depend upon respective 
allowable independent claims, and because they recite additional patentable steps, Wagner does 
not make up for any of the highlighted deficiencies in the references applied against the 
independent claims. 



o 



35 US.C. § 112, First Paragraph, Rejection 



The Examiner alleges that the specification fails to provide an enabling disclosure of how 
to obtain a list of cookie files from a server. Applicants traverse this rejection. 

Page 6> lines 1-4 of the specification describes one process for obtaining a list of cookie 
files from a server, and reads as follows: 

As shown in FIG, 1, the present invention begins with the use of a privacy 
server 10, which maintains a watch list 12 of privacy protection criteria 
(e.g„ a list of untrusted cookie file sources) and sends over a network a 
local copy of the watch list 14 to client machine 20 in response to a 
request received from a subscribing user of client machine 20. 
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The process for causing a client machine to make a request for a data file over a network (e.g., 
the Internet, as clearly implied by the use of URLs in the specification) is extremely well-known 
in the art. This process is no different than accessing any type of file that is on a remote server. 
An application merely opens an Internet connection and makes a request. 

A search on google.com of: "how to download" "data file" server 
returned 753 results, many of which describe exactly how to download data files using 
conventional computer software and hardware components (Appendix B). Another search on 
google.com of: "download a data file" 

returned 2,360 results, many of which also describe exactly how to download data files using 
conventional computer software and hardware components (Appendix B). 

Since the list of cookie files is just a data file, any conventional process for downloading 
a data file from a server can be used for this process. In sura, it is believed that an artisan would 
have known how to obtain a list of cookie files from a server using the above-highlighted 
description of the process in the specification, in conjunction with well-known file downloading 
processes. 

35 U.S.C* § 112, First Paragraph, Rejection 

Claim 7 was rejected for allegedly lacking an antecedent basis for "the composite list." 
This rejection is traversed. line 1 of claim 7 recites "a composite list" and thus provides a 
sufficient antecedent basis for "the composite list" which appears in line 10 of claim 7. 
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Conclusion 



Insofar as the Examiner's rejections were fully addressed, the instant application is in 
condition for allowance. Issuance of a Notice of Allowability of all pending claims is therefore 
earnestly solicited. 

Respectfully submitted, 
ADAM R. SCHRAN et al. 

Qgtok&r By: tjLpjJh- SUaJ$~l^ — 

(Dale) ^ CLARK A. JARGON 



Registration No. 35,039 

AKIN GUMP STRAUSS HAUER & FELD LLP 

One Commerce Square 

2005 Market Street, Suite 2200 

Philadelphia, PA 19l'03-7013 

Telephone: 215-965-1200 

Direct Dial: 215-965-1293 

Facsimile: 215-965-l|210 

E-Mail: cjablon@akingump.com 
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Governance Characteristics of "Code": The Role f Transparency, Defaults, 

and Standards 



Rajiv C. Shah* & Jay P. Kesan** 



2002 Telecommunications Policy Research Conference 
September 28-30, 2002 
Alexandria, Virginia 



Abstract: 



Regulation through "code," Le., the hardware and software of communication 
technologies, is growing in importance. Policymakers are addressing societal concerns s ach as 
privacy, freedom of speech, and intellectual property protection with code-based solutions. 
While scholars have noted the role of code, mere is little analysis of the various features or 
characteristics of code that have significance in regulating liehavior. This paper examines the 
social, technical, and legal ramifications of three universal governance characteristics of code 
that are significant in regulating behavior. The characteristics are crucial in understanding how 
code operates as well as the various possible regulatory settings for code. These characteristics 
studied are transparency, defaults, and standards. | 

These characteristics were identified through a number of case studies, which explored 
how code regulates by studying code in a variety of historical periods, developed within different 
types of institutions, and based upon diverse expectancies of user competencies. The case 
studies include the Finger protocol, Netscape's cookies technology, and the Platform for Internet 
Content Selection developed by the World Wide Web Consortium. 

The first characteristic analyzed is transparency Transparency in code allows people to 
understand how code operates. This allows people to make an informed decision when using 
code. For regulators, transparency allows them to ensure code properly addresses issues of 
societal concern. For example, a key complaint of content filtering software is its lack oi 
transparency Users and policymakers do not know what material is and is not being blocked. 
We discuss several important regulatory issues with transparency, including its contextua I nature 
and dependence upon implementation. 

The second characteristic is the role of defaults. De: faults set the condition for how code 
operates in the absence of intervention. Defaults are a method regulators can use to ensure 



the importance of defaults, their 
An example of the use of defaults 



people have multiple options when using code. We discuss i 
power, and also why people may not follow default settings, 
concerns privacy. Should the defaults of code be designed so people have to intervene to protect 
their privacy or only intervene when giving up personal infonnation? 

The third characteristic is standards. We use this term broadly to encompass open 
standards that allow for interoperability as well as modularity that saves developers from 
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In the 5 years that I have been at CMU, I have watched a decline of direct person- 
to-person talking and an increase of computer-based conferencing of all kinds. I 
have seen people send computer mail to someone ten feet away to avoid having 1o 
get out of a chair and actually use his vocal cords. I have seen an increasing 
number of design discussions take place entirely within the confines of the 
computer. And I have watched the "sense of community" that is so valuable lo 
research institutions become weaker and weaker" J[. . J Personal privacy in the 
face of computer systems and data bases is a very sticky problem, but it is not the 
problem that I was trying to address with my complaints about closedness. I was 
worried, and still am worried for that matter, about the decay of our lab as a place 
in which to do research and creative thinking. I certainly don't want some credit 
bureau to know when I last logged out of the machine, but I certainly do want my 



co-workers to know when I did. The question of 
important. 



' resembles 



This discussion over privacy rights in 1979 
privacy. In our future work, we will carefully analyze this 
we choose to focus on how changes in code affected privacjy. 



Vho is asking" is to me very 



many contemporary concerns over 
controversy. However, for th i s paper 



B. Cookies 

Cookies are part of several technologies Netscape developed in order to position its web 
servers for commerce. The cookies technology was the most innovative feature and one that 
would forever alter the web. According to Lessig, '"before cookies, the Web was essentially 
private. After cookies, the Web becomes a space capable of extraordinary monitoring." 1 ' In 
early web browsers, the Internet was a stateless place. A stateless web is analogous to a vending 
machine. It has little regard for who you were, what product you are asking for, or how j aany 
purchases you have made. It has no memory. The lack of statelessness on the web makes 
commerce difficult. For example, without a state mechani Jm, buying goods is analogous to 
using a vending machine. You could not buy more than one product at a time and there would 
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be no automatic one-click automated shopping feature that remembers your personal 
information. 

Cookies solve the statelessness problem by storing data on the users computer. I ou 
Montulli and John Giannandrea developed the cookies technology or more formally titled, 
Persistent Client State HTTP Cookies. 20 Programmers used the term cookies to refer to u small 
data object passed between cooperating programs. Similarly, Netscape would use cookies to 
pass information between a user's computer and the web site they were visiting. The fir>;t use of 
cookies was by Netscape to determine if visitors to Netscape's web site were repeat visitors or 
first time users. 21 

Cookies were incorporated in the earliest version of Netscape's web browser released in 
1994, Cookies were not made public to users in several ways. Netscape turned the feature on by 
default without notifying or asking the consent of users. 22 Second, there was no notification 
mechanism to alert people when cookies were being placed on their computer. Users did not 
know that information about them was being saved. Third, the cookies technology was not 
transparent. Examining a cookies file provides no information about what is stored in tho cookie 
file. Fourth, there was no documentation available that explained what cookies were and their 
privacy implications.™ 



19 John Schwartz, Giving the Web a Memory Cost Its Users Privacy, N.Y. TIMES, Sep. 04, 200 1 , available at 
bttp;//ww.nytiraes^^ 

*° Id See also Netscape, Persistent Client State HTTP Cookies, at 

http;//home.netrcape.coi^nw (last visited Sep. 19, 2001) (the original Netscape 

specification on cooties); Persistent Client State in a Hypertext Protocol Based Client-Server System, U.S. Patent 
No. 5,774,670 (issued June 30, 1998) (filed on Oct 6, 1995), Simon St. Laurent, Cookies (1998) (providing an 
excellent overview of cookies and how to use them). 

21 Netscape browsers default home page is Netscape's web site. This meant every user would visit Netscape's web 
site at least once. See Alex S. Vieux, The Once and Future Kings, Red HERRING, Nov, 1, 1995. 

22 Lynette I. Millott ct nL, Cookies and Web Browser Design: Toward Realizing Informed Consent Online, CHI 2001 
Proceedings, at 46 (2000) (conducting an analysis of cookie management tools in web browsers). 

23 In fact, technically proficient users in 1995 called fbr Netscape to document me cookies feature. For exe mple, 
Marc Hedhmd listed the following problems with Netscape's implementation of cookies, "1. Why doesn't tlic word 
"cookie" appear in the Netscape Online Handbook?, 2. Why isn* the cookie specification URL given in any 
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Netscape incorporated cookies into its web browsers released in 1994. It wa$ not: until 
early 1996 that the public became aware of cookies. The Financial Times broke the story on 
February 12, 1996 with an article on cookies and privacy. 24 The article immediately drew 
attention to cookies and resulted in a great deal of uproar about the use of cookies. Over the next 
few years, cookies became one of the top Internet privacy issues. 

Netscape's cookies led to Internet Engineering Task Force (JETF) to begin work on a 
standard for state management on the Internet. The IETF, as the de facto Internet standards 
body, sought to ensure there was a complete technical specification on state management: 
Eventually, they decided to use the Netscape's cookies specification as the basis for the IBTF's 
standard. However, the standards process soon ran into problems. 25 The IETF found tha t 
Netscape's implementation of cookies was fraught with privacy and security problems. 

The most serious problem was third party cookies. The intent of Netscape's cookies 
specification was to only allow cookies to be written and read by the web site the person was 
visiting. For example, if the New York Times placed a cookie on a computer, Amazon.com 
could not read or modify the New York Times cookie. This provided security and privacy by 
only allowing sites access to information they authored. However, Netscape's cookies 
specification allowed third party components of a web page to place their own cookies. This 
created a loophole by which third parties could read and write cookies. This security ancl privacy 
defect was the outgrowth of the rapid development and incorporation of the cookies technology. 



README or implementation notes file?, ... [3] How are users supposed lo know what information is being kept 
about them, or for how long7" Marc Hedhmd, State Wars, part XI (was: Revised Charter), HTTP-WG Mailing 
LIST, Nov. 1, 1995, available hltp://www jcs.uci.ed^ 

24 Tim Jackson, This Bug in Your PC is a Smart Cookie, FlN. TIMES, Feb. 12, 1996. The next day a similaj story 
appeared in the United States. See Lee Gomes, Web 'Cookies " May Be Spying on You, SAN JOSE Mercur V NEWS, 
Feb. 13, 1996. 

25 David M. Kristol, HTTP Cookies: Standards, Privacy, and Politics, ACM TRANSACTIONS Internet Te^., Nov. 
2001, at 10. 
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This loophole has led to a new breed of businesses, the online advertising management 
companies. 26 

Third party cookies can be used by online advertising companies to create detailed 
records on a person's web browsing habits. Many sites contract out their banner advertising to 
advertising management companies. These companies find advertisers for web sites and ensure 
that their banners appear on the web site. For example, DoubleClick sells advertising space on 
sites such as ESPN and the New York Times. DoubleClick is also responsible for placing the 
banner advertising on their client's web site. Through the loophole of third party cookies, 
DoubleClick uses its advertising banners on an ESPN web page to place a cookie when <l person 
visits ESPN. DoubleClick can then read and write to that same cookie when the same person 
visits the New York Times web site. 27 This allows DoubleClick to aggregate the inform.ition 
about a person's web surfing from its client web sites. They can then create a detailed profile of 
a person's surfing habits. This has obvious and serious privacy implications. 28 

The IETF's cookies standard is critical of third party cookies allowed by Netscape's 
cookies specification. The standard states that third party cookies must not be allowed, (t does 
allow an exception if the program wants to give the user different options. However, the 
baseline default must be set to off. 29 It also requires that the user be able to disable cookies, 
determine when a stateful session is in progress, and be able to save cookies depending upon the 
cookies domain. This last one is especially significant, because it allows users to manage what 
sites can and can't place cookies. 

26 Schwartz, supra note 19. 

27 Kristol, supra note 25 at 30. 

21 Michael Go wan, How It Works: Cookies, PC WOHU>, Feb. 22, 2000, available at 
http;//www.pCTTOrldcom/her^^ 

29 David Kristol & Loo MontuUi, HTTP State Management Mechanism, RFC 2965, Oct. 2000, available at 
ftp://flp.isi.edu/in-note5/rfc2965.txt A central premise of the standard is that informed consent should guide the 
design of systems using cookies. 
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Despite the IETF's standard, Netscape's and Microsoft's browsers have allowed tliird 
party cookies. They never fully followed the standard. The latest version of web browsers still 
accept third party cookies by default to satisfy the advertising management companies. 
However, they have improved their cookie management tools. This allows people to mange 
what sites can and can't place cookies. 

C. Platform for Internet Content Selection 

The history of the Platform for Internet Content Selection (PICS) begins with proposed 
legislation to regulate indecent speech on the Internet by Senator Exon in the summer of 1994, 30 
Senator Exon reintroduced his legislation in February 1995. This would eventually become the 
Communications Decency Act (CDA), 31 On June 14, 1995, the Senate approved an amendment 
(the CDA) to the United States Telecommunications Competition and Deregulation Act of 1995 
that would make it unlawful to transmit indecent material over the Internet to minors. This 
proposed legislation was followed by the now infamous Time cover story on cyberpom 32 This 
combination of media and political pressure threw the upstart Internet companies into action. 

In June of 1995, the W3C began setting up a meeting to discuss technical solutions for 
the regulation of Internet content In August 1995, the W3C held a members meeting with two 
goals in mind. The first was to create a viewpoint independent content labeling system. ' Phis 
would allow content to be labeled in many different ways. This labeling system went beyond 
movie ratings of content but was more general to encompass other classification schemes such as 

30 140 Cong. Rec S. 9745 (1994) (including the amendment to S. 1882 by Senator Exon) available at 
http://www,eff.org/Censorshi^^ 

31 Communications Decency Act of 1995, S. 314, 104th Cong. (1995). 

32 Philip Elmer-Dowitt, On a Screen Near You; Cyberporn> TIME, July 3, 1995, available at 
http://www.time.(ttni/^^ 
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